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Before JEAN R. HOMERE, DEBRA K. STEPHENS, and 
JAMES R. HUGHES, Administrative Patent Judges. 

HUGHES, Administrative Patent Judge. 



DECISION ON APPEAL 2 



1 Application filed February 28, 2002. The real party in interest is General 
Instrument Corp. (App. Br. 2.) 

2 The two-month time period for filing an appeal or commencing a civil 
action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, 
as recited in 37 C.F.R. § 41.52, begins to run from the "MAIL DATE" 
(paper delivery mode) or the "NOTIFICATION DATE" (electronic delivery 
mode) shown on the PTOL-90A cover letter attached to this decision. 
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STATEMENT OF THE CASE 

Appellant appeals from the Examiner's rejection of claims 1-6, 8-12, 
18, 20-22, and 24-26 under authority of 35 U.S.C. § 134(a). Claims 7, 13- 
17, 19, and 23 have been canceled. (App. Br. 2, 14-18.) The Board of 
Patent Appeals and Interferences (BPAI) has jurisdiction under 35 U.S.C. 
§ 6(b). 

We affirm. 

Appellant's Invention 
The invention at issue on appeal generally relates to a system and 
method for detecting duplicate client identities or clones in a communication 
system. (Spec, f [0010]. ) 3 

Representative Claim 
Independent claim 1 further illustrates the invention, and is 
reproduced below with the key disputed limitations emphasized: 

1. A method for detecting clones (unauthorized duplicate 
identities) of the client, the method comprising: 

forwarding a first signal from a client to a KDC, the first 
signal for requesting access to a server; 

verifying that the client is authorized to access the server; 

transmitting an authentication token including an 
encrypted session key from the KDC to the client, the 
authentication token for providing access to the server, wherein 
the authentication token is valid for a time T; 

receiving a second signal from an entity prior to 
expiration of the time T, the second signal for requesting access 



3 We refer to Appellant's Specification ("Spec."); Appeal Brief ("App. Br.") 
filed January 7, 2008; and Reply Brief ("Reply Br.") filed May 16, 2008. 
We also refer to the Examiner's Answer ("Ans.") mailed March 18, 2008. 
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to the server; wherein the entity has identifying information 
identical to the client; and 

marking the entity as a possible clone or denying the 
second request in order to prevent access to the server. 

References 

The Examiner relies on the following references as evidence in 
support of the rejections: 

Yang US 6,069,877 May 30, 2000 

Brezak US 2002/0150253 Al Oct. 17, 2002 

(filed Apr. 12, 2001) 

Brian Tung, Clifford Neuman, Matthew Hur, Ari Medvinsky, Sasha 
Medvinsky, John Wray, and Jonathan Trostle, Public Key Cryptography for 
Initial Authentication in Kerberos (RFC 151 Obis), at Section 2, Internet 
Engineering Task Force (IETF) (December 2001) ("Tung"). 

Rejections on Appeal 

The Examiner rejects claims 1-6, 8, 11, 12, 18, 20-22, and 24-26 
under 35 U.S.C. § 103(a) as being unpatentable over the combination of 
Yang and Brezak. 

The Examiner rejects claims 9 and 10 under 35 U.S.C. § 103(a) as 
being unpatentable over the combination of Yang, Brezak, and Tung. 

ISSUE 

Based on our review of the administrative record, Appellant's 
contentions, and the Examiner's findings and conclusions, the pivotal issue 
before us is as follows: 
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Does the Examiner err in finding Yang and Brezak would have 
collectively taught or suggested that "the authentication token is valid for a 
time T," and "receiving a second signal from an entity prior to expiration of 
the time T, . . . wherein the entity has identifying information identical to the 
client" as recited in Appellant's claim 1? 

FINDINGS OF FACT (FF) 
Yang Reference 

1. Yang describes, in relevant part, detecting a duplicate device 
identification requesting access to a mobile communication system, and 
denying access to the duplicate identification. {See Abstract; col. 2, 11. 44- 
50; col. 4, 11. 5-13; col. 11, 1. 64 to col. 12, 1. 34.) Specifically, Yang 
describes: 

receiving a session request from the mobile communication 
unit; determining the identification code of the mobile 
communication unit; determining if there already is a session in 
progress with any mobile communication unit having the same 
apparent identification code; and refusing registration to the 
mobile communication unit if there already is a session in 
progress with the any mobile communication unit having the 
same apparent identification code. 

(Col. 3, 11. 59-67.) 

Brezak Reference 

2. Brezak, in relevant part, describes controlling client access to a 
network utilizing a ticket-granting ticket (TGT) (ticket or token) and session 
key generated by a Kerberos Key Distribution Center (KDC). (ff [0004], 
[0053], [0055]-[0056], [0059]-[0060].) The ticket includes "start and end 
times for [the] ticket's validity." (1 [0048]; see \ [0055]; Fig. 3.) 
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3. Brezak also describes checking to determine if a user's ticket 
has been stolen (i.e., that a user's identity has been copied ) (ff [0059]- 
[0060], [0062]-[0063]): "[t]o prevent resending authenticators, KDC 306 
will reject any authenticator whose timestamp is too old" (f [0062]); "[t]o 
further ensure that the user isn't presenting a stolen ticket, KDC 306 may 
also verify that the IP address in the TGT matches the IP address of the 
system that sent this ticket request message 308" (id.); and "[i]f everything 
checks out, KDC 306 will believe that this user is who they claim to be, and 
will send back the requested service ticket through message 310" (f [0063]). 

ANALYSIS 

Appellant argues the limitations of independent claim 1 with respect 
to the Examiner's § 103 rejection of claims 1-6, 8, 11, 12, 18, 20-22, and 24- 
26. (App. Br. 10.) Appellant does not separately argue the Examiner's 
rejection of claims 9 and 10 under § 103. (App. Br. 10-11.) Therefore, we 
select independent claim 1 as representative of Appellant's arguments and 
groupings with respect to the Examiner's obviousness rejections. 37 C.F.R. 
§ 41.37(c)(l)(vii). See In re Nielson, 816 F.2d 1567, 1572 (Fed. Cir. 1987). 
We have considered only those arguments that Appellant has actually raised 
in the Briefs. Arguments that Appellant could have made but chose not to 
make in the Briefs have not been considered and are deemed to be waived. 
See 37 C.F.R. § 41.37(c)(l)(vii). 

Appellant has the opportunity on appeal to the Board of Patent 
Appeals and Interferences (BPAI) to demonstrate error in the Examiner's 
position. See In re Kahn, 441 F.3d 977, 985-86 (Fed. Cir. 2006) (citing In re 
Rouffet, 149 F.3d 1350, 1355 (Fed. Cir. 1998)). The Examiner sets forth a 



5 



Appeal 2009-006307 
Application 10/086,302 

detailed explanation of a reasoned conclusion of obviousness in the 
Examiner's Answer with respect to each of Appellant's claims (Ans. 3-13), 
and in particular independent claim 1 (Ans. 3-4, 10-13). Therefore, we look 
to the Appellant's Briefs to show error in the proffered reasoned 
conclusions. See Kahn, 441 F.3d at 985-86. 

Arguments Concerning the Examiner's Rejection of 
Representative Claim 1 

The Examiner rejects Appellant's independent claim 1 as being 
unpatentable over the combination of Yang and Brezak. (Ans. 3-4.) Based 
on the record before us, we do not find error in the Examiner's obviousness 
rejection of Appellant's claim 1. We agree with the Examiner that the 
combination of Yang and Brezak would have collectively taught or 
suggested the disputed features of "the authentication token is valid for a 
time T," and "receiving a second signal from an entity prior to expiration of 
the time T, . . . wherein the entity has identifying information identical to the 
client" (App. Br. 14 (Claim App'x. 1, Claim 1)) for essentially the reasons 
espoused by the Examiner (Ans. 10-13). 

The Examiner finds that Yang discloses, teaches, and/or suggests 
"receiving a session request," determining "if there is already a session in 
progress with any unit having the same identification code," and "refusing 
registration to the mobile communication unit" having the duplicate 
identification code. (Ans. 10; see Ans 3-4, 11.) Yang's disclosures support 
the Examiner's findings. (FF 1.) The Examiner also finds that Brezak 
discloses/teaches/suggests "start and end times of the ticket's] validity" 
(Ans. 11), i.e., a ticket (TGT) "valid for time T" (Ans. 12). Brezak's 
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disclosures support the Examiner's findings. (FF 2.) The Examiner further 
explains a rationale for combining Yang and Brezak. (Ans. 4, 12-13.) 

Appellant contends, inter alia, that: (1) "Yang discloses no time 
restriction on receiving a second signal," and "[t]he determination taught by 
Yang occurs at any time upon receipt of the second signal, with no reference 
to any time period associated with the validity or expiration of an 
authentication token" (App. Br. 7), and "[t]hus, Yang does not disclose 
Applicant's claim to receiving a request 'prior to . . . expiration of the time 
T" (App. Br. 8); (2) "Yang teaches away from taking into account any time 
period associated with the validity or expiration of an authentication token," 
in that Yang teaches the mobile communication unit identification will only 
be cleared when the mobile unit requests to end the session (App. Br. 8; see 
Reply Br. 3); and (3) "Brezak expressly teaches away from rejecting a 
second signal or request that is received 'prior to expiration of time T,'" in 
that "Brezak teaches rejecting a second request that is received after the 
expiration of a time T, while the present invention is concerned with a 
second request that is received prior to the expiration of a time T" (App. Br. 
9; see Reply Br. 3). 

Claim 1 recites, inter alia, "the authentication token is valid for a time 
T," and "receiving a second signal from an entity prior to expiration of the 
time T, . . . wherein the entity has identifying information identical to the 
client." (App. Br. 14 (Claim App'x. 1, Claim 1).) 

As detailed in the Findings of Fact section supra, we agree with the 
Examiner that Yang teaches a mobile communication device requesting 
access to a mobile communication system, detecting a duplicate mobile 
communication device identification (i.e., an identification identical to a 
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mobile device previously granted access, which attempts to access the 
network at the same time (during an existing session)), and denying access 
to the duplicate identification. (FF 1 .) We also agree with the Examiner that 
Brezak teaches controlling client access to a network utilizing a ticket 
(token) including start and end times for the ticket's validity (a validity time 
period). (FF 2.) 

We find that both Yang and Brezak teach controlling access to a 
network or system by a user or client - Yang teaches requesting access to a 
mobile communication system by a mobile communication device (FF 1), 
and Brezak teaches controlling client access to a network (FF 2). We also 
find that both Yang and Brezak teach detecting unauthorized access to a 
network by a duplicate user identification - Yang teaches detecting duplicate 
mobile communication device identifications during an existing session (FF 
1), and Brezak teaches determining if a user's ticket has been stolen (i.e., 
that a user's identity has been copied) (FF 3). 

Accordingly, we find that Brezak teaches a ticket (token) valid for a 
time T, and Yang teaches receiving a request to access the network by a 
mobile communication device having identical identifying information (a 
second signal and/or request) during an existing session, detecting 
unauthorized access to the mobile communication network by a duplicate 
user identification, and denying access to the second request. Thus, we find 
that the combination of Yang and Brezak would have at least suggested to 
one skilled in the art detecting unauthorized access to a communication 
network by a duplicate user identification (a duplicate ticket/token) during 
an ongoing, valid session, where the ticket remains valid for a period of time 
(a validity period specified by the ticket). 
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We also find Brezak to be in the same field of endeavor as Yang, and 
conclude, as did the Examiner, that it would have been obvious to an 
ordinarily skilled artisan at the time of Appellant's invention to combine 
Yang and Brezak because combining Brezak' s teaching of a ticket having a 
validity period with Yang's teaching of detecting unauthorized access by a 
duplicate user identification during an existing session is tantamount to the 
predictable use of prior art elements and techniques according to their 
established functions - an obvious improvement. See KSR Int'l Co. v. 
Teleflex Inc., 550 U.S. 398, 417 (2007). We also find that the Examiner 
articulates a rationale - protecting the system from access by unauthorized 
users (i.e., improved performance and/or efficiency) - for combining Yang 
and Brezak {see Ans. 4, 12-13) based on "some rational underpinning to 
support the legal conclusion of obviousness." KSR, 550 U.S. at 418 (quoting 
Kahn, 441 F.3dat 988). 

We further find that Appellant's disputed limitations - "the 
authentication token is valid for a time T," and "receiving a second signal 
from an entity prior to expiration of the time T, . . . wherein the entity has 
identifying information identical to the client" - would have read on these 
teachings of Yang and Brezak. Thus, we find that the combination of Yang 
and Brezak would have collectively taught or suggested the disputed 
limitation as recited in Appellant's claim 1. 

Appellant's contrary arguments are unpersuasive for a number of 
reasons. Initially, Appellant attempts to attack the references individually, 
instead of addressing the combination of references. See In re Merck & Co., 
800 F.2d 1091, 1097 (Fed. Cir. 1986) (noting that one cannot show 
nonobviousness by attacking references individually where the rejections are 
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based on combinations of references (citing In re Keller, 642 F.2d 413, 425 
(CCPA 1981))). We note that the Examiner cites the disclosures of Brezak 
for the teaching of the ticket/token having a valid time period, and the 
disclosures of Yang for the remaining disputed features, while Appellant 
attacks Yang for failing to disclose a ticket/token having a valid time period 
and Brezak for failing to disclose rejecting a duplicate identification during 
the time period. Also, Appellant's arguments are not commensurate with the 
scope of Appellant's claim. Appellant's claim simply recites a "token . . . 
valid for a time T," "receiving a second signal . . . prior to expiration of the 
time T," and "denying the second request." In contradistinction to 
Appellant's arguments, Appellant's claim does not recite any functional 
relationship among these limitations. Appellant argues that Yang fails to 
teach a determination occurring within a specific time period (App. Br. 7-8) 
and Brezak fails to teach rejecting a second signal prior to expiration of the 
time period (App. Br. 9-10); however, Appellant's claim does not recite 
either feature. 

We also find unavailing Appellant's arguments that Yang and Brezak 
teach away from one another and Appellant's invention. A reference may be 
said to teach away from the invention if it criticizes, discredits, or otherwise 
discourages modifying a reference to arrive at the claimed invention. See In 
re Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004). "[W]hen the prior art 
teaches away from combining certain known elements, discovery of a 
successful means of combining them is more likely to be nonobvious." 
KSR, 550 U.S. at 416 (citing United States v. Adams, 383 U.S. 39, 51-52 
(1966)). We will not, however "read into a reference a teaching away from 
a process where no such language exists." DyStar Textilfarben GmbH & 
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Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1364 (Fed. Cir. 
2006). Here, Appellant fails to point to any explicit language in Yang or 
Brezak discrediting usage of Brezak's ticket in the system of Yang. That 
Yang does not teach a specific validity time period - and instead teaches an 
existing session valid until a user sends a request to end the session (App. 
Br. 8) - and Brezak teaches a different method of checking to determine if a 
user's identity has been copied (a user's ticket has been stolen) (App. Br. 9- 
10) does not teach away from utilizing a ticket having a specific validity 
period (as taught by Brezak) in a system for determining duplicate 
identifications (as taught by Yang). 

Thus, we find Yang and Brezak would have collectively taught or 
suggested Appellant's disputed claim limitations as recited in Appellant's 
representative claim 1. Appellant does not separately argue claims 2-6, 8- 
12, 18, 20-22, and 24-26 (supra), and these claims fall with representative 
claim 1. It follows that Appellant does not persuade us of error in the 
Examiner's obviousness rejections of claims 1-6, 8-12, 18, 20-22, and 24-26, 
and we affirm the Examiner's rejection of these claims. 

CONCLUSION OF LAW 
Appellant has not shown that the Examiner erred in rejecting claims 
1-6, 8-12, 18, 20-22, and 24-26 under 35 U.S.C. § 103(a). 

DECISION 

We affirm the Examiner's rejection of claims 1-6, 8-12, 18, 20-22, 
and 24-26 under 35 U.S.C. § 103(a). 
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No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(v). 

AFFIRMED 



msc 



Motorola, Inc. 

Patent Operations Law Department 
600 North US Highway 45 
IL93-W2-55BB 
Libertyville IL 60048-5343 



12 



